CVE-2025-6807 is a medium-severity vulnerability classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory, commonly known as Path Traversal) affecting Marvell's QConvergeConsole product, specifically version 5.5.0.78. The vulnerability resides in the getDriverTmpPath method, which fails to properly validate user-supplied input paths before performing file operations. This flaw allows a remote attacker to craft malicious requests that traverse directories beyond the intended scope, enabling unauthorized disclosure of sensitive information stored on the system. Notably, exploitation does not require any authentication or user interaction, increasing the attack surface and ease of exploitation. The vulnerability allows attackers to read files with SYSTEM-level privileges, potentially exposing critical configuration files, credentials, or other sensitive data. Although no known exploits are currently reported in the wild, the vulnerability's remote and unauthenticated nature makes it a significant risk. The CVSS v3.0 base score is 5.3, reflecting a medium severity primarily due to the confidentiality impact without affecting integrity or availability. The vulnerability was publicly disclosed on July 7, 2025, and was assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-24980. No patches or mitigations have been officially released at the time of this report, emphasizing the need for immediate attention from affected organizations.

For European organizations using Marvell QConvergeConsole 5.5.0.78, this vulnerability poses a tangible risk of sensitive information leakage. Given that the flaw allows unauthenticated remote attackers to access SYSTEM-level files, attackers could obtain critical data such as system configurations, credentials, or proprietary information, potentially facilitating further attacks or espionage. Sectors with high reliance on Marvell networking and storage solutions—such as telecommunications, data centers, and critical infrastructure—may face increased risk. The exposure of sensitive information could lead to regulatory non-compliance under GDPR, resulting in legal and financial penalties. Additionally, the loss of confidentiality could damage organizational reputation and trust. Although the vulnerability does not directly impact system integrity or availability, the information disclosure could be leveraged in multi-stage attacks, increasing overall threat severity. The lack of authentication requirement broadens the potential attacker base, including external threat actors and opportunistic attackers scanning for vulnerable systems across Europe.

Given the absence of an official patch, European organizations should implement the following specific mitigations: 1) Restrict network access to the QConvergeConsole management interface by enforcing strict firewall rules and network segmentation, limiting exposure to trusted internal IP addresses only. 2) Monitor and log all access attempts to the QConvergeConsole, focusing on anomalous or unexpected requests that may indicate exploitation attempts. 3) Employ Web Application Firewalls (WAFs) or Intrusion Detection/Prevention Systems (IDS/IPS) with custom rules to detect and block path traversal patterns in incoming requests targeting the getDriverTmpPath method. 4) Conduct thorough audits of file permissions and ensure that sensitive files are not unnecessarily accessible by the QConvergeConsole service. 5) Engage with Marvell support channels to obtain updates on patch availability and apply them promptly once released. 6) Educate system administrators on the risks of this vulnerability and encourage immediate reporting of suspicious activities. These targeted actions go beyond generic advice by focusing on network-level controls, monitoring, and proactive detection tailored to the vulnerability's characteristics.